"""
题库系统 - 权限管理
提供基于角色的权限控制功能
"""
from rest_framework import permissions


class IsQuestionBankOwner(permissions.BasePermission):
    """题库所有者权限"""

    def has_object_permission(self, request, view, obj):
        # 题库所有者或有管理权限的用户可以访问
        return (
            obj.owner == request.user or
            request.user.is_staff or
            request.user.is_superuser
        )


class IsQuestionCreator(permissions.BasePermission):
    """题目创建者权限"""

    def has_object_permission(self, request, view, obj):
        # 题目创建者或有管理权限的用户可以访问
        return (
            obj.creator == request.user or
            request.user.is_staff or
            request.user.is_superuser
        )


class CanManageQuestionBank(permissions.BasePermission):
    """题库管理权限"""

    def has_permission(self, request, view):
        # 检查用户是否有管理题库的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.manage_questionbank')
            )
        )


class CanCreateQuestion(permissions.BasePermission):
    """题目创建权限"""

    def has_permission(self, request, view):
        # 检查用户是否有创建题目的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.add_question')
            )
        )


class CanImportExportQuestions(permissions.BasePermission):
    """题目导入导出权限"""

    def has_permission(self, request, view):
        # 检查用户是否有导入导出题目的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.import_export_questions')
            )
        )


class IsPublicQuestion(permissions.BasePermission):
    """公开题目权限"""

    def has_object_permission(self, request, view, obj):
        # 公开的题目任何人都可以访问
        return obj.is_public


class CanReviewQuestion(permissions.BasePermission):
    """题目审核权限"""

    def has_permission(self, request, view):
        # 检查用户是否有审核题目的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.review_question')
            )
        )


class IsOwnerOrReadOnly(permissions.BasePermission):
    """所有者或只读权限"""

    def has_object_permission(self, request, view, obj):
        # 安全的方法（GET、HEAD、OPTIONS）允许所有请求
        if request.method in permissions.SAFE_METHODS:
            return True

        # 写操作需要所有者权限
        return obj.owner == request.user or request.user.is_superuser


class IsCreatorOrReadOnly(permissions.BasePermission):
    """创建者或只读权限"""

    def has_object_permission(self, request, view, obj):
        # 安全的方法（GET、HEAD、OPTIONS）允许所有请求
        if request.method in permissions.SAFE_METHODS:
            return True

        # 写操作需要创建者权限
        return obj.creator == request.user or request.user.is_superuser


class CanViewStatistics(permissions.BasePermission):
    """统计查看权限"""

    def has_permission(self, request, view):
        # 检查用户是否有查看统计的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.view_statistics')
            )
        )


class IsQuestionOwnerOrReadOnly(permissions.BasePermission):
    """题目所有者或只读权限"""

    def has_object_permission(self, request, view, obj):
        # 安全的方法（GET、HEAD、OPTIONS）允许所有请求
        if request.method in permissions.SAFE_METHODS:
            return True

        # 写操作需要所有者权限
        return obj.creator == request.user or request.user.is_superuser


class IsQuestionBankOwnerOrReadOnly(permissions.BasePermission):
    """题库所有者或只读权限"""

    def has_object_permission(self, request, view, obj):
        # 安全的方法（GET、HEAD、OPTIONS）允许所有请求
        if request.method in permissions.SAFE_METHODS:
            return True

        # 写操作需要所有者权限
        return obj.owner == request.user or request.user.is_superuser


class CanAccessQuestionBank(permissions.BasePermission):
    """题库访问权限"""

    def has_object_permission(self, request, view, obj):
        # 检查用户是否可以访问题库
        return (
            obj.owner == request.user or
            obj.is_public or
            request.user.is_staff or
            request.user.is_superuser
        )


class CanAddQuestionsToBank(permissions.BasePermission):
    """题库添加题目权限"""

    def has_object_permission(self, request, view, obj):
        # 检查用户是否可以添加题目到题库
        return (
            obj.owner == request.user or
            request.user.is_staff or
            request.user.is_superuser or
            request.user.has_perm('question_bank.add_questions_to_bank')
        )


class CanImportQuestions(permissions.BasePermission):
    """题目导入权限"""

    def has_permission(self, request, view):
        # 检查用户是否有导入题目的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.import_questions')
            )
        )


class CanExportQuestions(permissions.BasePermission):
    """题目导出权限"""

    def has_permission(self, request, view):
        # 检查用户是否有导出题目的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.export_questions')
            )
        )


class CanReviewQuestions(permissions.BasePermission):
    """题目审核权限"""

    def has_permission(self, request, view):
        # 检查用户是否有审核题目的权限
        return (
            request.user.is_authenticated and (
                request.user.is_staff or
                request.user.is_superuser or
                request.user.has_perm('question_bank.review_questions')
            )
        )


class HasQuestionBankAccess(permissions.BasePermission):
    """题库访问权限检查"""

    def has_permission(self, request, view):
        # 检查用户是否已认证
        return request.user.is_authenticated

    def has_object_permission(self, request, view, obj):
        # 检查用户是否有权限访问特定题库
        return (
            obj.owner == request.user or
            obj.is_public or
            request.user.is_staff or
            request.user.is_superuser
        )